New laptop has bitlocker - where is recovery key


Hazel123

Well-known member
Power User
VIP
Local time
2:16 PM
Posts
2,041
OS
Windows 11
I mentioned recently I'd bought an HP Pavilion Aero 13 in a clearance sale. It's a new laptop (even if probably older stock). Just doing initial set up and it says the drive has bitlocker. There is a bios update waiting that says if you do the bios update make sure you know your bitlocker recovery key. So I haven't done the bios update yet. It came with Windows 11 Home installed so why would it have bitlocker set up? And any idea where the key is? It's currently on 21H1 although it's doing Windows updates at the moment.
 
Windows Build/Version
Windows 11 21H2 Build 22000.282

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 14-ce3514sa
    CPU
    Core i5
    Memory
    16gb
    Hard Drives
    Samsung 970 evo plus 2TB
    Cooling
    Could be better
    Internet Speed
    200mbps Starlink
    Browser
    Firefox
    Other Info
    Originally installed with a 500gb H10 Optane ssd
I mentioned recently I'd bought an HP Pavilion Aero 13 in a clearance sale. It's a new laptop (even if probably older stock). Just doing initial set up and it says the drive has bitlocker. There is a bios update waiting that says if you do the bios update make sure you know your bitlocker recovery key. So I haven't done the bios update yet. It came with Windows 11 Home installed so why would it have bitlocker set up? And any idea where the key is? It's currently on 21H1 although it's doing Windows updates at the moment.


Wait for verification, but I don't think you need to worry about that warning.
I believe it's just a generic warning when you flash the BIOS.

It reminds EVERYone, whether they use Bitlocker or not... that flashing the BIOS will affect the Bitlocker key.
 

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦22631.3447 ♦♦♦♦♦♦♦23H2
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 4702)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 13 years?
You almost certainly have device encryption set up. You only get this on devices with a TPM and modern standby.

Bitlocker key is automatically stored in the TPM. You can export it I understand.

The safest option is to simply turn device encryption off before you do a bios update.

You can turn it on again afterwards.
 
Last edited:

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0
I've had a look in settings and device encryption is turned on. There was also a link to copy the recovery key, which I've done, to an external drive. Thanks. What I'm confused about is why it has bitlocker turned on anyway - it's not Windows 11 Pro, it's Windows 11 Home.

So presumably I can just turn it off and leave it off? I don't really want or need device encryption on this laptop.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 14-ce3514sa
    CPU
    Core i5
    Memory
    16gb
    Hard Drives
    Samsung 970 evo plus 2TB
    Cooling
    Could be better
    Internet Speed
    200mbps Starlink
    Browser
    Firefox
    Other Info
    Originally installed with a 500gb H10 Optane ssd
Last edited:

My Computers

System One System Two

  • OS
    Win7
    Computer type
    PC/Desktop
    CPU
    i5-8400
    Motherboard
    gigabyte b365m ds3h
    Memory
    2x8gb 3200mhz
    Monitor(s) Displays
    benq gw2480
    PSU
    bequiet pure power 11 400CM
    Cooling
    cryorig m9i
  • Operating System
    win7
    Computer type
    PC/Desktop
    CPU
    pentium g5400
    Motherboard
    gigabyte b365m ds3h
    Memory
    1x8gb 2400
    PSU
    xfx pro 450

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3447
Sorry? I don’t understand that.

This is what it shows in settings

IMG_1459.jpeg


IMG_1458.jpeg
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 14-ce3514sa
    CPU
    Core i5
    Memory
    16gb
    Hard Drives
    Samsung 970 evo plus 2TB
    Cooling
    Could be better
    Internet Speed
    200mbps Starlink
    Browser
    Firefox
    Other Info
    Originally installed with a 500gb H10 Optane ssd

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 14-ce3514sa
    CPU
    Core i5
    Memory
    16gb
    Hard Drives
    Samsung 970 evo plus 2TB
    Cooling
    Could be better
    Internet Speed
    200mbps Starlink
    Browser
    Firefox
    Other Info
    Originally installed with a 500gb H10 Optane ssd
Is device encryption the same as bitlocker drive encryption though?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 14-ce3514sa
    CPU
    Core i5
    Memory
    16gb
    Hard Drives
    Samsung 970 evo plus 2TB
    Cooling
    Could be better
    Internet Speed
    200mbps Starlink
    Browser
    Firefox
    Other Info
    Originally installed with a 500gb H10 Optane ssd
No.
Home Edition devices such as ours only have Device encryption.
You can ignore references to Bitlocker.


Denis
 

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3447
No it isn't. So why is bitlocker encryption, and a key for it, there, if I don't have Pro? According to this, "Device Encryption" has its own key that is uploaded to your one drive account - but I already uninstalled one drive.

 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 14-ce3514sa
    CPU
    Core i5
    Memory
    16gb
    Hard Drives
    Samsung 970 evo plus 2TB
    Cooling
    Could be better
    Internet Speed
    200mbps Starlink
    Browser
    Firefox
    Other Info
    Originally installed with a 500gb H10 Optane ssd
No.
Home Edition devices such as ours only have Device encryption.
You can ignore references to Bitlocker.


Denis
Thanks - so why is there a key for bitlocker encryption available (which I have copied) if it isn’t available?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 14-ce3514sa
    CPU
    Core i5
    Memory
    16gb
    Hard Drives
    Samsung 970 evo plus 2TB
    Cooling
    Could be better
    Internet Speed
    200mbps Starlink
    Browser
    Firefox
    Other Info
    Originally installed with a 500gb H10 Optane ssd
And where is the key for device encryption? If I turn it on again. If it's only in one drive then it's nowhere as I uninstalled One Drive.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 14-ce3514sa
    CPU
    Core i5
    Memory
    16gb
    Hard Drives
    Samsung 970 evo plus 2TB
    Cooling
    Could be better
    Internet Speed
    200mbps Starlink
    Browser
    Firefox
    Other Info
    Originally installed with a 500gb H10 Optane ssd
No it isn't. So why is bitlocker encryption, and a key for it, there, if I don't have Pro? According to this, "Device Encryption" has its own key that is uploaded to your one drive account - but I already uninstalled one drive.

My understanding is that if you log into Windows using a Microsoft account, that's the account wherein the recovery key is stored (in that OneDrive).
 

My Computer

System One

  • OS
    Windows 11
Thanks. I logged into Microsoft account and it has a bitlocker key stored under the device details. It's a bit confusing when I do have device protection but not bitlocker protection and the key stored is for bitlocker protection. Would it be the same key for both?
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 14-ce3514sa
    CPU
    Core i5
    Memory
    16gb
    Hard Drives
    Samsung 970 evo plus 2TB
    Cooling
    Could be better
    Internet Speed
    200mbps Starlink
    Browser
    Firefox
    Other Info
    Originally installed with a 500gb H10 Optane ssd
Thanks. I logged into Microsoft account and it has a bitlocker key stored under the device details. It's a bit confusing when I do have device protection but not bitlocker protection and the key stored is for bitlocker protection. Would it be the same key for both?
Think of device encryption as Bitlocker "lite" it is considered the same in name as the full Bitlocker in pro. Same key as well but fewer features.
 

My Computer

System One

  • OS
    Windows 10
Hazel,

Turning off Device encryption needs no key.
Once you turn off Device encryption in your Windows 11 Home computer, you'll never need to worry about this subject again.


All the best,
Denis
 

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3447
Thanks. As long as I know it's the same key and there isn't another one somewhere :-) Thanks Try3.

So aside from that, laptop is good. Small but a nice size as narrow but taller screen. Only thing so far is the usb slot is very tight.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 14-ce3514sa
    CPU
    Core i5
    Memory
    16gb
    Hard Drives
    Samsung 970 evo plus 2TB
    Cooling
    Could be better
    Internet Speed
    200mbps Starlink
    Browser
    Firefox
    Other Info
    Originally installed with a 500gb H10 Optane ssd
Not that fast. It's Ryzen 7 - it's not as fast as Core i7 and seems about the same as my Core i5 laptop. But it does the job.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    HP Pavilion 14-ce3514sa
    CPU
    Core i5
    Memory
    16gb
    Hard Drives
    Samsung 970 evo plus 2TB
    Cooling
    Could be better
    Internet Speed
    200mbps Starlink
    Browser
    Firefox
    Other Info
    Originally installed with a 500gb H10 Optane ssd
I've had a look in settings and device encryption is turned on. There was also a link to copy the recovery key, which I've done, to an external drive. Thanks. What I'm confused about is why it has bitlocker turned on anyway - it's not Windows 11 Pro, it's Windows 11 Home.

So presumably I can just turn it off and leave it off? I don't really want or need device encryption on this laptop.
This is default for most major oem laptops with W11 Home with tpm and modern standby.

Turn it off and it will stay off.

The only real reason to use device encryption is if pc gets stolen, and thief cannot bypass your login passwords and removes drive to see if they can access your data on another pc.

If thief bypasses your login password, device encryption is pretty useless.

A common way of bypassing login passwords is to boot from a usb drive with software to reset password.

This can be made much harder by setting a bios password as well.
 

My Computer

System One

  • OS
    Windows 10 Pro + others in VHDs
    Computer type
    Laptop
    Manufacturer/Model
    ASUS Vivobook 14
    CPU
    I7
    Motherboard
    Yep, Laptop has one.
    Memory
    16 GB
    Graphics Card(s)
    Integrated Intel Iris XE
    Sound Card
    Realtek built in
    Monitor(s) Displays
    N/A
    Screen Resolution
    1920x1080
    Hard Drives
    1 TB Optane NVME SSD, 1 TB NVME SSD
    PSU
    Yep, got one
    Case
    Yep, got one
    Cooling
    Stella Artois
    Keyboard
    Built in
    Mouse
    Bluetooth , wired
    Internet Speed
    72 Mb/s :-(
    Browser
    Edge mostly
    Antivirus
    Defender
    Other Info
    TPM 2.0

Latest Support Threads

Back
Top Bottom